skip to main content
Connection property descriptions : KMSKeyName
  

Try DataDirect Drivers Now

KMSKeyName

Purpose

Specifies the customer-managed encryption key (CMEK) that the driver uses for executing queries. If it is not specified, the driver uses the default key encryption key from Google.
To learn more about CMEK, refer to the Google documentation.

Valid Values

projects/project/locations/location/KeyRings/keyring/cryptoKeys/key
where:
project
specifies the name of the project that you want the driver to connect to.
location
specifies the geographical location where your dataset is stored.
keyring
specifies the key ring value, which is a prerequisite for creating CMEK. To learn how to create a key ring, refer to the Google documentation.
key
specifies the CMEK value. To learn how to create a key, refer to the Google documentation.

Notes

*Passing KMSKeyName as part of job configuration is not supported for DDL statements. Therefore, for Create statements, CMEK must be provided using the Options clause, in the following format:
CREATE TABLE <dataset_name>.<table_name>(<column_name> <column_type>)
OPTIONS(kms_key_name='projects/project/locations/location/KeyRings/keyring/cryptoKeys/key')
*If a table is encrypted using CMEK, you can perform insert and select operations on it with or without specifying CMEK. However, you must not specify an incorrect CMEK, as it leads to query failure.
*If you specify a CMEK to query a table that is not encrypted with CMEK, the query will fail.
*CMEKs specified at connection are used to execute queries for the life of the connection.

Data Source Method

setKMSKeyName

Default

None

Data Type

String